The [Port of Seattle](https://cybersecuritynews.com/seattle-airport-cyberattack/) has confirmed that the Rhysida ransomware gang orchestrated the cyberattack that disrupted its systems and operations in late August. The attack on August 24, 2024, forced the Port to isolate critical systems, resulting in widespread outages impacting Seattle-Tacoma International Airport and the Port’s maritime facilities.According to the Port’s statement, the Rhysida attackers gained unauthorized access to certain parts of their computer systems and encrypted some data.This led to disruptions in various airport services, including baggage handling, check-in kiosks, ticketing, Wi-Fi, passenger display boards, and the Port’s website and mobile app.Decoding Compliance: What CISOs Need to Know — **[Join Free Webinar](https://webinars.indusface.com/decoding-compliance-what-cisos-need-to-know/register?utm_source=blog-cta&utm_medium=referral&utm_campaign=2024-september-decoding-compliance-what-cisos-need-to-know)**Despite the severity of the attack, the Port has refused to pay the ransom demanded by the [Rhysida gang](https://cybersecuritynews.com/rhysida-ransomware-attacking-windows/).’Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars,’ said Steve Metruck, Executive Director of the Port of Seattle. As a result, the Port warns that the attackers may publish stolen data on their dark website.> On Aug. 24, the Port of Seattle identified system outages consistent with a cyberattack. It was a fast-moving situation, and Port staff worked to quickly isolate critical systems. [pic.twitter.com/MruG4jXXUc](https://t.co/MruG4jXXUc)> — Seattle-Tacoma Intl. Airport (@flySEA) [September 13, 2024](https://twitter.com/flySEA/status/1834675801117409745?ref_src=twsrc%5Etfw)The Port’s [investigation](https://www.washingtonports.org/port-of-seattle-updates) into the incident is ongoing, but it appears that the attackers exfiltrated some data in mid-to-late August. If any employee or passenger’s personal information is found to have been compromised, the Port has committed to notifying affected individuals.Since the attack, the Port has been working to restore affected systems and enhance its cybersecurity measures. While most services were brought back online within a week, work is still underway to fully restore the Port’s website and internal portals.The Port remains on heightened alert and is continuously monitoring its systems for any further unauthorized activity.Rhysida is a relatively new but highly active [ransomware operation](https://cybersecuritynews.com/fbi-dismantles-dispossessor/) that has targeted various sectors, including healthcare, government, and now transportation.The gang has been linked to several high-profile attacks in recent months, including the breaches of the British Library and the Chilean Army.As the investigation continues, the Port remains committed to transparency, strengthening its defenses, and sharing information to help protect other organizations from similar attacks.**Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform — [Watch Free Webinar](https://go.cynet.com/how-to-achieve-total-protection-webinar?utm_source=cyber_security_news&utm_medium=social&utm_campaign=Q3-sponsored-content&utm_content=all-in-one-demo-on-demand)**The post [Port of Seattle Confirms August Cyberattack by Rhysida Ransomware](https://cybersecuritynews.com/port-of-seattle-rhysida-ransomware/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
Related Tags:
NAICS: 48 – Transportation
NAICS: 481 – Air Transportation
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 92 – Public Administration
NAICS: 922 – Justice
Public Order
Safety Activities
NAICS: 51 – Information
Blog: Cybersecurity News
External Remote Services
Associated Indicators: